SolarWinds Serv-U Path Restriction Bypass Vulnerability 

(CVE-2025-40549)

Download PDF

Summary

A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory.

This issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences in how paths and home directories are handled.

Affected Products

SolarWinds Serv-U 15.5.2.2.102

Fixed Software Release

SolarWinds Serv-U 15.5.3

Advisory Details

Severity

9.1 High

Advisory ID

First Published

11/18/2025

Last Updated

11/18/2025

Fixed Version

CVSS Score